changeset 1618:9353189b7675 beta

Added automatic logout of deactivated/deleted users
author Liad Shani <liadff@gmail.com>
date Thu, 27 Oct 2011 20:40:49 +0200
parents cf128ced8c85
children 6ece8795104a
files rhodecode/lib/auth.py rhodecode/lib/base.py rhodecode/model/user.py
diffstat 3 files changed, 11 insertions(+), 7 deletions(-) [+]
--- a/rhodecode/lib/auth.py	Wed Oct 26 21:59:22 2011 +0200
+++ b/rhodecode/lib/auth.py	Thu Oct 27 20:40:49 2011 +0200
@@ -271,13 +271,11 @@
         if self._api_key and self._api_key != self.anonymous_user.api_key:
             #try go get user by api key
             log.debug('Auth User lookup by API KEY %s', self._api_key)
-            user_model.fill_data(self, api_key=self._api_key)
-            is_user_loaded = True
+            is_user_loaded = user_model.fill_data(self, api_key=self._api_key)
         elif self.user_id is not None \
             and self.user_id != self.anonymous_user.user_id:
             log.debug('Auth User lookup by USER ID %s', self.user_id)
-            user_model.fill_data(self, user_id=self.user_id)
-            is_user_loaded = True
+            is_user_loaded = user_model.fill_data(self, user_id=self.user_id)
         elif self.username:
             log.debug('Auth User lookup by USER NAME %s', self.username)
             dbuser = User.get_by_username(self.username)
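Review bot: The username branch still looks the user up with `User.get_by_username(self.username)` instead of going through `fill_data`, so the `dbuser.active` check this commit adds in rhodecode/model/user.py does not cover it as far as this hunk shows. The branch continues past the end of the hunk; if the lines below do not already test the flag, a deactivated account would still load by name, and the guard should read `if dbuser is not None and dbuser.active:`. Separately, the context line `log.debug('Auth User lookup by API KEY %s', self._api_key)` writes the full API key to the log. Logging the resolved user id or a short prefix of the key would keep the credential out of log files.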
@@ -296,6 +294,8 @@
                 #then we set this user is logged in
                 self.is_authenticated = True
             else:
+                self.user_id = None
+                self.username = None
                 self.is_authenticated = False
 
         if not self.username:
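Review bot: The two assignments added in the `else` branch are what rhodecode/lib/base.py now tests (`user_id is not None`) before restoring `is_authenticated` from the session, but nothing at this spot says so. A comment above `self.user_id = None`, such as `# cleared so base.py does not restore is_authenticated from the session`, would keep a later cleanup from removing them and silently re-enabling logins for deactivated accounts. `self._api_key` is left set in this branch. Whether that matters depends on code outside the hunk, which starts and ends mid-function.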
--- a/rhodecode/lib/base.py	Wed Oct 26 21:59:22 2011 +0200
+++ b/rhodecode/lib/base.py	Thu Oct 27 20:40:49 2011 +0200
@@ -50,7 +50,8 @@
                 username = None
 
             self.rhodecode_user = c.rhodecode_user = AuthUser(user_id, api_key, username)
-            if not self.rhodecode_user.is_authenticated:
+            if not self.rhodecode_user.is_authenticated and \
+                       self.rhodecode_user.user_id is not None:
                 self.rhodecode_user.set_authenticated(
                                         getattr(session.get('rhodecode_user'),
                                        'is_authenticated', False))
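Review bot: The new condition skips the session restore when `user_id` is None, but the `rhodecode_user` object kept in the session still carries `is_authenticated`, so a deactivated user's session is masked on each request rather than revoked. If the account is reactivated later, an old cookie would presumably be accepted again without a fresh login. Consider adding an `elif self.rhodecode_user.user_id is None:` branch that removes the stored `rhodecode_user` entry from the session and saves it. The enclosing method starts and ends outside the hunk, so session handling elsewhere may already cover this.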
--- a/rhodecode/model/user.py	Wed Oct 26 21:59:22 2011 +0200
+++ b/rhodecode/model/user.py	Thu Oct 27 20:40:49 2011 +0200
@@ -243,16 +243,19 @@
             else:
                 dbuser = self.get(user_id)
 
-            if dbuser is not None:
+            if dbuser is not None and dbuser.active:
                 log.debug('filling %s data', dbuser)
                 for k, v in dbuser.get_dict().items():
                     setattr(auth_user, k, v)
+            else:
+                return False
 
         except:
             log.error(traceback.format_exc())
             auth_user.is_authenticated = False
+            return False
 
-        return auth_user
+        return True
 
     def fill_perms(self, user):
         """
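Review bot: `fill_data` now returns `True`/`False` where it used to return `auth_user`, so any caller outside this diff that uses the returned object would receive a bool instead. Only the two call sites in auth.py are shown being updated. The function starts above the hunk; if it has a docstring, it should state the new contract, for example `:returns: True if an active user was found and copied onto auth_user, False otherwise`. The added `else: return False` also treats a missing user and a deactivated one the same way and leaves no trace. A line such as `log.debug('user %s not found or inactive', dbuser)` before the return would make attempts to use deactivated credentials visible in the log.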